Re: External trusts between domains are there any risks?

Yeah the W2K trusts you so it is the trusting and yes there are very possible security issues there. Any shares or applications that are open to authenticated users or everyone will be open to users from your domain.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm



Krusty wrote:
Joe,
Thanks for the Info.

The trust is to allow the NT4 domain users to access limited resources in the WIN2k domai, this will be file shares on a single server.

So i think thats NT4 is the trusted and WIN2k is the trusting (?)

Krusty


"Joe Richards [MVP]" wrote:

Well you don't specify the direction of the trust which makes a difference but either way there can be information disclosure risks. In one direction you can enumerate every account/computer a domain has, in the other you can access file shares and applications that depend on Windows security that aren't properly secured.

If your plans are to join the W2K domain in the future, you will take your queues from the admins of the W2K domain, that is how you will get in. So whatever mechanism they specify is what you will use.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm



Krusty wrote:
Question about using external trusts between domains?

I have a WIN2k and NT4 domains and need to have a one way trust setup between the two. I am admin on the NT4 domain but not the Win2k domian. The WIN2k admin refuses to put the trust in place, they say this is due to security risks but refuse to identify or expand on exactly what these are.
Can anyone enlighten me as to what the security risks are, and if it would cause issues if we were to migrate the NT4 domain to the Win2K domain in the near future?

Thanks In advance.
Krusty
.

Relevant Pages

  • Re: External trusts between domains are there any risks?
    ... Joe Richards Microsoft MVP Windows Server Directory Services ... You could always put the data in your domain and enable the trust the other way round. ... domain i dont get why my win2k admins are having a fit over the share....... ... I am admin on the NT4 domain but not the Win2k domian. ...
    (microsoft.public.windows.server.active_directory)
  • Re: External trusts between domains are there any risks?
    ... The trust relationship you want is the wrong way round. ... domain i dont get why my win2k admins are having a fit over the ... Joe Richards Microsoft MVP Windows Server Directory Services ... I am admin on the NT4 domain but not the Win2k ...
    (microsoft.public.windows.server.active_directory)
  • Re: External trusts between domains are there any risks?
    ... I understand the implications of the trust, but surely if we migrate to the ... domain i dont get why my win2k admins are having a fit over the share....... ... possible security issues there. ... Any shares or applications that are open ...
    (microsoft.public.windows.server.active_directory)
  • Windows 2000 Server & NT4 Trust Relationship
    ... I know this is a discussion group on security and I am ... I have a windows 2000 domain and an nt4 domain with two ... The trust is working. ... I have checked the permissions and they all ...
    (microsoft.public.win2000.security)
  • Re: Least User Priviledges for Network Administrators
    ... Trust how? ... Do we trust them to maintain network equipment? ... Do we trust them to observe proper security practices on the desktop, ... Training users that need administrator access to logon as a regular ...
    (microsoft.public.windowsxp.security_admin)